IT Security News Blast 6-28-2017

Citing recent data from HIMSS, Ehrenfeld explained that despite the “tsunami of cyber threats” against health IT systems, healthcare providers and organizations are woefully underfunding their defense efforts. “Only half of US healthcare organizations say they believe that they have adequate human or financial resources to either detect or manage a data breach,” Ehrenfeld said. “Only half. Healthcare providers, according to HIMSS, spend about 6 percent of their health IT budget on security.”

This mindset of “get it done” rather than “do it right” creates the conditions where people ask for the minimum set of actions and tools to comply instead of making the right decision for the organization. Yet the companies that take time to assess reap big rewards. Take, for instance, a 2016 study on the cost of cyber crime that found companies that assessed their information management and governance practices and technology needs saved $1 million to $3 million.

The US Court of Appeals for the Eleventh District listened to oral arguments last week in the case of LabMD, Inc. versus the Federal Trade Commission (FTC). The Court must determine if the FTC overstepped its authority with its data security enforcement standard. […] LabMD points out that what the FTC here found to be harm is ‘not even ‘intangible,’’ as a true data breach of personal information to the public might be, ‘but rather is purely conceptual’ because this harm is only speculative.”

Hackers have caused widespread disruption across Europe, hitting Ukraine especially hard. Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices. Russia’s Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant A.P. Moller-Maersk. “We are talking about a cyberattack,” said Anders Rosendahl, a spokesman for the Copenhagen-based group. “It has affected all branches of our business, at home and abroad.”

A major ransomware attack on Tuesday hit computers at Russia’s biggest oil company, the country’s banks, Ukraine’s international airport, a major U.S. pharmaceutical company as well as global shipping firm A.P. Moller-Maersk. Moscow-based cyber security firm Group IB said hackers had exploited code developed by the U.S. National Security Agency (NSA) which was leaked and then used in the WannaCry ransomware attack that caused global disruption in May.

The identification of the initial vector has proven more challenging. Early reports of an email vector cannot be confirmed. Based on observed in-the-wild behaviors, the lack of a known, viable external spreading mechanism and other research we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc. This appears to have been confirmed by MeDoc. Talos continues to research the initial vector of this malware.

Petya seems to be primarily impacting organizations in Europe, however the malware is starting to show up in the United States. Legal Week reports that global law firm DLA Piper has experienced issues with its systems in the U.S. as a result of the outbreak. […] “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” Weaver said. “The best way to put it is that Petya’s payment infrastructure is a fecal theater.”

So you know, once you start to go back into that history, you can see that there’s a kind of syllogism here that Russia hacked the Ukrainian election, and then when they got away with that, they tried it in the U.S. And then Russia hacked the Ukrainian power grids. And then you have to wonder, is the next step that they’re going to try that sort of attack on the West or on the United States?

Britain may go to war with foreign states attempting cyber attack on UK, Defence Secretary warns

The chilling threat came as the Tory hawk revealed foreign enemy states are launching two “high level cyber attacks” on Britain every single day. In a major speech he blasted “aggressor states like Russia, working overtime to disrupt and discolour our democracy” who launch around 60 attacks on Britain’s government IT, infrastructure and businesses every month.

The letter specifically called for directing the department to conduct an examination of the scope of Russian capabilities to use cyber warfare to threaten energy infrastructure and the extent to which the Russians have already attempted various cyber intrusions into the electric grid and associated energy facilities, within 60 days time.

It remains true that there is no actual evidence that a single vote was changed by hackers in the 2016 election. But even the possibility of hacking has served to promote the sort of conspiracy-mongering and political hatred that led to, for example, the shooting attack on Republican lawmakers last week. In a democratic polity, people have to believe that their votes are counted honestly, or the legitimacy of the system collapses.

“Voluminous,” “disjointed” and “complex” were just a few of the words Oklahoma CIO James “Bo” Reese used to describe the federal cybersecurity regulations facing states in written testimony before a U.S. Senate committee June 21. Reese, who also serves as the vice president of the National Association of State Chief Information Officers (NASCIO), discussed some of the issues states face when complying with federal cybersecurity regulation with members of the Senate Homeland Security and Government Affairs Committee Wednesday morning.

This morning a newly registered member posted the master decryption keys for the Wallet Ransomware in the BleepingComputer.com forums. This post was created at 9:13 AM EST by a member named lightsentinelone in the Dharma Ransomware Support Topic and contained a Pastebin link.

Specifically, Muzahid is working to develop an artificial intelligence system that can detect software bugs and security attacks in computer systems, often before they deploy. According to Muzahid, the goal of his project is to create “a self-policing computer system that is accurate, adaptive and fast.” The project — called NFrame — is the first application of neural nets to such a purpose, he said.

In making the announcement, each of the four tech giants said they were joining together to meet the critical challenge of terrorism and violent extremism. Each has been developing policies to take a hard line against content it deemed terrorist or violent extremist, but forming an alliance was an effort to share technologies and operational aspects of their individual initiatives to better fight against terrorist content.

Researchers state the stack buffer overflow flaw, CVE-2017-9948, has a “critical impact” to local and remote Skype users. Attackers can crash the software with a request to overwrite the register of the active software process. This lets them execute their own malicious code on affected and connected systems via Skype.

As long ago as 1994, Peter Shor developed a quantum algorithm to factor large prime numbers. It was not considered an urgent problem at the time, given the lack of quantum computers. Today, however, quantum computing is much closer. If it becomes commercially viable within the next 15 years, then cryptography already has a problem — the world’s data currently protected by algorithms such as RSA, the world’s most popular public-key cryptosystem, will become readable. If it takes nearer thirty years, then there is potentially time to solve the problem.

In typically broken English, the mysterious hacking group threatened to unmask a former member of the NSA’s elite hacking group called Equation Group, who developed several hacking tools to break into Chinese organizations. The Shadow Brokers did not reveal much about the former Equation Group member, except that the person is living in Hawaii and currently a “co-founder of a new security company and is having much venture capital.”


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.